Nexus provides anonymous access for users who only need to search repositories, browse repositories, and peruse the system feeds. This anonymous access level changes the navigation menu and some of the options available when you right-click on a repository. This read-only access displays the user interface shown in Nexus Interface for Anonymous Users.
The Nexus user interface is used with a web browser and works best with modern browsers. Older versions such as Microsoft Internet Explorer 7 or earlier are not supported and actively blocked from using Nexus to avoid an unsatisfactory user experience. Internet Explorer 8 works up to Nexus 2.8 and is not supported for newer releases.
The user interface is separated into a number of different sections.
- Header
-
The top of the page contains the header and on the right-hand side the 'Log In' button, which is replaced with a drop-down to log out, as well as navigate to the users profile. The header displays the version of Nexus and potentially the availability of a newer version.
- Nexus Menu
-
The left-hand side of the application features the Nexus menu, with its numerous submenus. The panel itself can be horizontally collapsed and expanded with the button in the top right-hand corner of the panel. Each submenu can be vertically collapsed and expanded with the button beside the title for each submenu. Depending on the access rights for the current user, different submenus and menu items are displayed.
- Main Panel
-
The main panel of the application to the right of the Nexus menu can host different tabs for different selections on the submenus in the navigation. Each tab can be closed individually and selected as the active tab.
Typical Example Nexus Interface with Repository List and Details shows a typical user interface appearance of Nexus with multiple tabs in the main panel. The activated panel 'Repositories' shows a list of repositories with the current selection highlighted. The panels underneath the list show details for the selected list item.
The list header features buttons for various operations as well as an input box that allows you to filter the list by any terms used in any column. Filtering the Repository List to Display Only Snapshot Repositories shows an example use case where a user typed "snap" in the filter box and the list of repositories only shows snapshot repositories. This filtering works for all columns in a list and can be used in most list displays in Nexus. For example you can use it to filter the users list to find disabled users, filter the routing list, the roles list and many more.
The column headers in most lists can be clicked to invoke a sorting of the list by the respective column.
|
Tip
|
A right mouse button click on list items exposes a context sensitive menu of operations in some lists. |
One of the most straightforward uses of Nexus is to browse the structure of a repository. If you click on the 'Repositories' menu item in the 'Views/Repositories' menu, you should see the following display. The tophalf of Browsing a Repository Storage shows you a list of groups and repositories along with the type of the repository and the repository status. To browse the artifacts that are stored in a local Nexus instance, click on the Browse Storage tab for a repository as shown in Browsing a Repository Storage.
When you are browsing a repository, you can right-click on any file and download it directly to your browser. This allows you to retrieve specific artifacts manually or examine a POM file in the browser. In addition, artifacts as well as directories can be deleted using right-click.
|
Note
|
When browsing a remote repository you might notice that the tree doesn’t contain all of the artifacts in a repository. When you browse a proxy repository, Nexus is displaying the artifacts that have been cached locally from the remote repository. If you don’t see an artifact you expected to see through Nexus, it only means that Nexus has yet to cache the artifact locally. If you have enabled remote repository index downloads, Nexus will return search results that may include artifacts not yet downloaded from the remote repository. Browsing a Repository Storage, is just an example, and you may or may not have the example artifact available in your installation of Nexus. |
A Nexus proxy repository acts as a local cache for a remote repository, in addition to downloading and caching artifacts locally, Nexus will also download an index of all the artifacts stored in a particular repository. When searching or browsing for artifacts, it is often more useful to search and browse the repository index. To view the repository index, click on the Browse Index tab for a particular repository to load the interface shown in Browsing a Repository Index.
Once you located an archive in the repository index or storage or via a search the right-hand panel will at minimum show the 'Artifact Information' tab as visible in Viewing the Artifact Information. Besides showing details like the 'Repository Path', 'Size', 'Checksums', location of the artifact and other details, you are able to download and delete the artifact with the respective buttons.
If the artifact you are examining is a Maven-related artifact like a pom file or a jar, you will see the 'Maven Information' tab in the right-hand panels. As visible in Viewing the Maven Information, the GAV parameters are displayed above an XML snippet identifying the artifact that you can just cut and paste into a Maven pom.xml file.
Support for custom metadata is part of Nexus Professional. You can view, edit, and search for additional metadata associated to any artifact in your Nexus repositories.
The features for custom metadata usage need to be activated by adding and enabling the 'Custom Metadata' capability as described in [capabilities].
Prior to Nexus 2.7 custom metadata support was an optional plugin that needed to be installed, following the instructions in [install-additional-plugins]. The directory containing the plugin code is called nexus-custom-metadata-plugin-X.Y.Z. Install the plugin
Security privileges allow you to define "read only" as well as "write" access for custom metadata as well as grant or disallow access.
When viewing a specific artifact from browsing repository storage or a repository index or from a search, the 'Artifact Metadata' tab displays the interface shown in Viewing Artifact Metadata.
Artifact metadata consists of a key, a value, and a namespace. Existing metadata from an artifact’s POM is given a urn:maven namespace, and custom attributes are stored under the urn:nexus/user namespace.
To add a custom attribute, click on an artifact in Nexus, and select the 'Artifact Metadata' tab. Click 'Add…' there and a new row will be inserted into the list of attributes. Supply a 'Key' and 'Value' and click 'Save' to update the artifact’s metadata. Editing Artifact Metadata shows the Artifact Metadata panel with two custom attributes: "approvedBy" and "approved".
For binary artifacts like jar files Nexus displays an 'Archive Browser' panel, as visible in Using the Archive Browser that allows you to view the contents of the archive. Clicking on invidiual files in the browser will download them and potentially display them in your browser. This can be useful for quickly checking out the contents of an archive without manually downloading and extracting it.
|
Important
|
The archive browser is a feature of Nexus Professional. |
Nexus Professional provides you with the ability to browse an artifact’s dependencies. Using the artifact metadata found in an artifact’s POM, Nexus will scan a repository or a repository group and attempt to resolve and display an artifact’s dependencies. To view an artifact’s dependencies, browse the repository storage or the repository index, select an artifact (or an artifact’s POM), and then click on the 'Maven Dependency' tab.
On the 'Maven Dependency' tab, you will see the following form elements:
- Repository
-
When resolving an artifact’s dependencies, Nexus will query an existing repository or repository group. In many cases it will make sense to select the same repository group you are referencing in your Maven settings. If you encounter any problems during the dependency resolution, you need to make sure that you are referencing a repository or a group that contains these dependencies.
- Mode
-
An artifact’s dependencies can be listed as either a tree or a list. When dependencies are displayed in a tree, you can inspect direct dependencies and transitive dependencies. This can come in handy if you are assessing an artifact, based on the dependencies it is going to pull into your project’s build. When you list dependencies as a list, Nexus is going to perform the same process used by Maven to collapse a tree of dependencies into a list of dependencies using rules to merge and override dependency versions if there are any overlaps or conflicts.
Once you have selected a repository to resolve against and a mode to display an artifact’s dependencies, click on 'Resolve' as shown in View an Artifact’s Dependencies. Clicking on this button will start the process of resolving dependencies, depending on the number of artifacts already cached by Nexus, this process can take anywhere from a few seconds to a minute. Once the resolution process is finished, you should see the artifact’s dependencies, as shown in View an Artifact’s Dependencies.
Once you have resolved an artifact’s dependencies, you can use the Filter text input to search for particular artifact dependencies. If you double-click on a row in the tree or list of dependencies, you can navigate to other artifacts within the Nexus interface.
One of the added features of Nexus Professional is the usage of data from Sonatype CLM. This data contains security and license information about artifacts and is accessible for a whole repository in the Repository Health Check feature described in [rhc]. Details about the vulnerability and security issue ratings and others can be found there as well.
The 'Component Info' tab displays the security and licence information available for a specific artifact. It is available in browsing or search results, once a you have selected an artifact in the search results list or repository tree view. An example search for Jetty, with the 'Component Info' tab visible, is displayed in Component Info Displaying Security Vulnerabilities for an Old Version of Jetty. It displays the results from the 'License Analysis' and any found 'Security Issues'.
The 'License Analysis' reveals a medium threat triggered by the fact that Non-Standard license headers were found in the source code as visible in the 'Observed License(s) in Source' column. The license found in the pom.xml file associated to the project only documented Apache-2.0 or EPL-1.0 as the 'Declared License(s)'.
The 'Security Issues' section displays two issues with 'Threat Level' values 5. The 'Summary' column contains a small summary description of the security issue. The 'Problem Code' column contains the codes, which link to the respective entries in the Common Vulnerabilities and Exposures CVE list as well as the Open Source Vulnerability DataBase OSVDB displayed in Common Vulnerabilities and Exposures CVE Entry for a Jetty Security Issue and Open Source Vulnerability DataBase OSVDB Entry for a Jetty Security Issue.
In this section, we’ve talked about the various ways CLM data is being used, at least at an introductory level. However, understanding the differences between the Sonatype CLM usage in Nexus Professional and Nexus Professional CLM may still be a little unclear. Rather you are likely asking, "What do I get with Nexus Professional - Sonatype CLM Edition.
Great question. With Sonatype CLM, Nexus Professional is expanded in the two key areas.
- Policy Management
-
Your organization likely has a process for determining which components can be included in your applications. This could be as simple as limiting the age of the component, or more complex, like prohibiting components with a certain type of licenses or security issue.
Whatever the case, the process is supported by rules. Sonatype CLM Policy management is a way to create those rules, and then track and evaluate your application. Any time a rule is broken, that’s considered a policy violation. Violations can then warn, or even prevent a release.
Here’s an example of the Sonatype CLM features for Nexus Staging.
- Component Information Panel
-
The Component Information Panel, or CIP, provides everything you need to know about a component. Looking at the image below, you’ll notice two sections. On the left, details about the specific component are provided. On the right, the graph provides a wide variety of information including popularity, license, or security issues. You can even click on each individual version in the graph, which will then display on the left.
Figure 16. Component Information Panel ExampleNoteThe CIP is then expanded with the View Details button which shows exactly what security or license issues were encountered, as well as any policy violations.
If you would like more information about these features, check out our Sonatype CLM Repository Manager Guide.
Nexus contains ordered groups of repositories that allow you to expose a series of repositories through a single URL. More often than not, an organization is going to point Maven at the default Nexus groups 'Public Repositories'. Most endusers of Nexus are not going to know what artifacts are being served from what specific repository, and they are going to want to be able to browse the public repository group.
To support this use case, Nexus allows you to browse the contents of a repository group as if it were a single merged repository with a tree structure. Browsing a Nexus Group, shows the browsing storage interface for a repository group. There is no difference to the user experience of browsing a repository group vs. browsing a repository.
When browsing a repository group’s storage, you are browsing the underlying storage for all of the repositories in a group. If a repository group contains proxy repositories, the 'Browse Storage' tab will show all of the artifacts in the group that have been downloaded from the remote repositories. To browse and search all artifacts available in a group, click on the 'Browse Index' tab to load the interface shown in Browsing a Nexus Group Index.
In the left-hand navigation area, there is an 'Artifact Search' text field next to a magnifying glass. To search for an artifact by groupId or artifactId, type in some text and click the magnifying glass. Typing in the search term junit and clicking the magnifying glass should yield a search result similar to Results of an Artifact Search for "junit".
The groupId in the 'Group' column and the artifactId in the 'Artifact' column identify each row in the search results table. Each row represents an aggregration of all artifacts in this 'Group' and 'Artifact' coordinate.
The 'Version' column displays the lastest version number available as well as a link to 'Show All Versions'.
The 'Most Popular Version' column displays the version that has the most downloads by all users accessing the Central Repository. This data can help with the selection of an appropriate version to use for a particular artifact.
The 'Download' column displays direct links to all the artifacts available for the latest version. A typical list of downloadable artifacts would include the Java archive 'jar', the Maven pom.xml file 'pom', a Javadoc archive 'javadoc.jar' and a Sourcecode archive 'sources.jar', but other download options are also added if more artifacts are available. Click on the link to download an artifact.
Each of the columns in the search results table can be used to sort the table in 'Ascending' or 'Descending' order. In addition, you can choose to add and remove colums with the sort and column drop-down options visible in Sort and Column Options in the Search Results Table.
The repository browser interface below the search results table will displays the artifact selected in the list in the repository structure with the same information panels available documented in Browsing Repositories. An artifact could be present in more than one repository. If this is the case, click on the value next to 'Viewing Repository' to switch between multiple matching repositories.
|
Warning
|
Let me guess? You installed Nexus, ran to the search box, typed in the name of a group or an artifact, pressed search, and saw absolutely nothing. No results. Nexus isn’t going to retrieve the remote repository indexes by default. You need to activate downloading of remote indexes for the three proxy repositories that Nexus are shipped with Nexus. Without these indexes, Nexus has nothing to search. Find instructions for activating index downloads in [confignx-sect-manage-repo]. |
Clicking on the (Show All Versions) link in the Version column visible in Results of an Artifact Search for "junit" will initiate an 'Advanced Search' by the groupId and artifactId of the row and result in a view similar to Advanced Search Results for a GAV Search Activated by the Show All Versions Link.
The header for the 'Advanced Search' contains a selector for the type of search and one or more text input fields to define a search and a button to run a new search with the specified parameters.
The search results table contains one row per 'Group' (groupId), 'Artifact' (artifactId), and 'Version'(version).
In addition, the 'Age' column displays the age of the artifacts being available on the Central Repository. Since most artifacts are published to the Central Repository when released, this age gives you a good indication of the actual time since the release of the artifact.
The 'Popularity' column shows a relative popularity as compared to the other results in the search table. This can give you a good idea on the adoption rate of a new release. For example if a newer version has a high age value, but a low popularity compared to an older version, you might want to check the upstream project and see if there is any issues stopping other users from upgrading that might affect you as well. Another reason could be that the new version does not provide signifcant improvements to warrant an upgrade for most users.
The 'Security Issues' column shows the number of known security issues for the specific artifact. The 'License Threat' column shows a colored square with blue indicating no license threat and yellow, orange and red indicating increased license threats. More information about both indicators can be seen in the 'Component Info' panel below the list of artifacts for the specific artifact.
The 'Download' column provides download links for all the available artifacts.
The following advanced searches are available:
- Keyword Search
-
Identical to the 'Artifact Search' in the left-hand navigation, this search will look for the specified strings in the groupId and artifactId.
- Classname Search
-
Rather than looking at the coordinates of an artifact in the repository, the 'Classname Search' will look at the contents of the artifacts and look for Java classes with the specified name. For example, try a search for a classname of Pair to see how many library authors saw a need to implement such a class, saving you from potentially implementing yet another version.
- GAV Search
-
The GAV search allows a search using the Maven coordinatess of an artifact. These are 'Group' (groupId), 'Artifact' (artifactId), 'Version' (version), 'Packaging' (packaging), and 'Classifier' (classifier). At a minimum you need to specify a group, artifact, or version in your search. An example search would be with an artifact guice and a classifier no_aop or a group of org.glassfish.main.admingui and a packaging war. The default packaging is 'jar', with other values as used in the Maven packaging like 'ear', 'war', 'maven-plugin', 'pom', 'ejb' and many others being possible choices.
- Checksum Search
-
Sometimes it is necessary to determine the version of a jar artifact in order to migrate to a qualified version. When attempting this and neither the filename nor the contents of the manfiest file in the jar contain any useful information about the exact version of the jar, you can use 'Checksum Search' to identify the artifact. Create a sha1 checksum, e.g., with the sha1sum command available on Linux or fciv on Windows, and use the created string in a checksum search. This will return one result, which will provide you with the GAV coordinates to replace the jar file with a dependency declaration.
- Metadata Search
-
Search for artifacts with specific metadata properties is documented in Searching Artifact Metadata.
|
Tip
|
The checksum search can be a huge timesaver when migrating a legacy build system, where the used libraries are checked into the version control system as binary artifacts with no version information available. |
To search for artifacts with specific metadata, click on the 'Advanced Search' link directly below the search field in the 'Artifact Search' submenu of the Nexus menu. This opens the 'Search' panel and allows you to select 'Metadata Search' in the search type drop-down as shown in Searching Artifact Metadata.
Once you select the metadata search you will see two search fields and an operator drop-down. The two search fields are the key and value of the metadata for which you are searching. The operator drop-down can be set to 'Equals', 'Matches', 'Key Defined', or 'Not Equal'. 'Equals' and 'Not Equals' compare the value for a specific key. 'Matches' allows the usage of \* to allow any characters. E.g., looking for tr* would match true but also match tree. The 'Key Defined' operator will ignore any value provided and return all artifacts with the supplied key.
Once you locate a matching artifact in the results list, click on the artifact and then select the Artifact Metadata to examine an artifacts metadata as shown in Metadata Search Results for Custom Metadata.
When your build makes use of proprietary or custom dependencies that are not available from public repositories, you will often need to find a way to make them available to developers in a custom Maven repository. Nexus ships with a preconfigured third-party repository that was designed to hold third-party dependencies that are used in your builds. To upload artifacts to a repository, select a hosted repository in the 'Repositories' panel and then click on the 'Artifact Upload' tab. Clicking on the 'Artifact Upload' tab will display the tab shown in Artifact Upload Tab.
To upload an artifact, click on 'Select Artifact(s) to Upload…', and select one or more artifacts from the filesystem to upload. Once you have selected an artifact, you can modify the classifier and the extension before clicking on the 'Add Artifact' button. Once you have clicked on the 'Add Artifact' button, you can then configure the source of the 'Group', 'Artifact', 'Version' (GAV) parameters.
If the artifact you are uploading is a jar file that was created by Maven it will already have POM information embedded in it. If you are uploading a jar from a vendor you will likely need to set the group identifier, artifact identifier, and version manually. To do this, select 'GAV Parameters' from the 'GAV Definition' drop-down at the top of this form. This will expose a set of form fields which will let you set the 'Group', 'Artifact', 'Version', and 'Packaging' of the artifacts being uploaded. Packaging can be selected from the list or provided by typing the value into the input box.
If you would prefer to set the group, artifact, and version from a POM file associated with the uploaded artifact, select 'From POM' in the 'GAV Definition' drop-down. This will expose a button labeled 'Select POM to Upload'. Once a POM file has been selected for upload, the name of the POM file will be displayed in the form field below this button.
|
Tip
|
Uploading a POM file allows you to add further details like dependencies to the file, which improves the quality of the upload by enabling transitive dependency management. |
The 'Artifact Upload' panel supports multiple artifacts with the same group, artifact, and version identifiers. For example, if you need to upload multiple artifacts with different classifiers, you may do so by clicking on 'Select Artifact(s) for Upload' and 'Add Artifact' multiple times. A common use case for this upload is to upload the pom and jar file as well as the javadoc and sources jar files file for an artifact.
Nexus provides feeds that expose system events. You can browse these feeds by clicking on 'System Feeds' under the 'Views/Repositories' menu. Clicking on 'System Feeds' will show the panel in Browsing Nexus System Feeds. You can use this simple interface to browse the most recent reports of artifact deployments, cached artifacts, broken artifacts, storage changes and otehr events that have occurred in Nexus.
These feeds can come in handy if you are working at a large organization with multiple development teams deploying to the same instance of Nexus. In such an arrangement, all developers in an organization can subscribe to the RSS feeds for New Deployed Artifacts as a way to ensure that everyone is aware when a new release has been pushed to Nexus. Exposing these system events as RSS feeds also opens the door to other, more creative uses of this information, such as connecting Nexus to external, automated testing systems. To access the RSS feeds for a specific feed, select the feed in the System Feeds view panel and then click on the Subscribe button. Nexus will then load the RSS feed in your browse and you can subscribe to the feed in your favorite RSS
There are a number of system feeds available in the System Feeds view, and each has a URL that resembles the following URL:
http://localhost:8081/nexus/service/local/feeds/recentlyChangedFiles
The URLs can be ammended with the parameters from and count to specify the dataset viewed. E.g.
http://localhost:8081/nexus/service/local/feeds/recentlyDeployedArtifacts?count=100
Where recentChanges would be replaced with the identifier of the feed you were attempting to read. Available system feeds include:
-
Authenication and Authorization Events
-
Broken artifacts in all Nexus repositories
-
Broken files in all Nexus repositories
-
Error and Warning events
-
New artifacts in all Nexus repositories
-
New cached artifacts in all Nexus repositories
-
New cached files in all Nexus repositories
-
New cached release artifacts in all Nexus repositories
-
New deployed artifacts in all Nexus repositories
-
New deployed files in all Nexus repositories
-
New deployed release artifacts in all Nexus repositories
-
New files in all Nexus repositories
-
New release artifacts in all Nexus repositories
-
Recent artifact storage changes in all Nexus repositories
-
Recent file storage changes in all Nexus repositories
-
Recent release artifact storage changes in all Nexus repositories
-
Repository Status Changes in Nexus
-
System changes in Nexus
'Support Tools' provides a collection of useful information for monitoring and analyzing your Nexus installation. You can access the 'Support Tools' in the 'Administration' submenu of the Nexus menu.
The 'System Information' tab displays a large number of configuration details related to
- Nexus
-
details about the versions of Nexus and the installed plugins, Nexus install and work directory location, application host and port and a number of other properties.
- Java Virtual Machine
-
all system properties like java.runtime.name, os.name and many more as known by the JVM running Nexus
- Operating System
-
including environment variables like JAVA_HOME or PATH as well as details about the runtime in terms of processor, memory and threads, network connectors and storage file stores.
You can copy a subsection of the text from the panel, use the 'Download' button to get a text file or use the 'Print' button to produce a document.
The 'Support ZIP' tab allows you to create a zip archive file that you can submit to Sonatype support via email or a support ticket. The checkboxes in for 'Contents' and 'Options' allow you to control the content of the archive.
You can include 'System Information' as available in the 'System Information' tab, a 'Thread Dump' of the JVM currently running Nexus, your Nexus general 'Configuration' as well as you 'Security Configuration', the Nexus 'Log' and a 'Metrics' file with network and request-related information.
The options allow you to limit the size of the included files as well as the overall file size. Pressing the 'Create' button with gather all files and create the archive in sonatype-work/nexus/support and open a dialog to download the file to your workstation.
As a logged-in user, you can click on your user name in the top right-hand corner of the Nexus user interface to expose a drop-down with an option to 'Logout' as well as to access your user 'Profile' displayed in Drop Down on User Name with Profile and Logut Options.
Once you have selected to display your profile, you will get access to the 'Summary' section of the 'Profile' tab as displayed in Summary Section of the Profile Tab.
The 'Summary' section allows you to edit your 'First Name', 'Last Name', and 'Email' directly in the form.
In addition to changing your name and email, the user profile allows you to change your password by clicking on the Change Password text. The dialog displayed in Changing Your Nexus Password will be displayed and allow you to supply your current password, and choose a new password. When you click on Change Password, your Nexus password will be changed.
The password change feature only works with the Nexus built-in XML Realm security realm. If you are using a different security realm like LDAP or Crowd, this option will not be visible.
The Profile tab can be used by other plugins and features to change or access user specific data and functionality. One such use case is the User Token access documented in [config-sect-usertoken].